package seedswapapplication

/*
 * UserStorageController controls all access to the database with regards to Farmers and Admins
 */
class UserStorageController {
	/*
	 * This action searches the database for all locked out farmers and then directs to a page where
	 * these farmers are listed and can be unlocked
	 */
	def unlockFarmerPage = {
		if(!session.isAdmin)
		{
			flash.message = "You must be logged in as an admin to access this page."
			redirect(url:"/")
		}
		else
		{
			def lockedList = Farmer.findAllByLoginAttemptsGreaterThan(2)
			[lockedList:lockedList]
		}
	}
	
	/*
	 * This action is called when a login attempt is made.
	 * The database is searched for both farmers and admins. 
	 * Incorrect logins and lockouts are handled and this action redirects 
	 * to the appropriate home page for a farmer or an admin upon a successful login
	 */
	def authenticate = {
		def farmer = Farmer.findWhere(login:params.username)
		boolean success = false;
		boolean locked = false;
		if (farmer)
		{
			if(farmer.loginAttempts>2)
			{
				flash.message = "Your account is locked. Please contact an administrator."
				locked=true;
				redirect(controller:'client',action: 'login')
			}
			else
			{
				if(farmer.password.equals(params.password))
				{
					success=true;
				}
				else
				{
					farmer.loginAttempts++
				}
			}
			session.isAdmin = false
		}
		def administrator = Admin.findByLoginAndPassword(params.username, params.password)
		if(administrator)
		{
			session.username = params.username
			session.loggedInMessage = "Current Administrator: "+session.username
			session.isAdmin = true
			redirect(controller:'client',action: 'adminPage')
		}
		else if(!locked)
		{
			if(success)
			{
				session.username = params.username
				session.loggedInMessage = "Current User: "+session.username
				redirect(url: '/')
			}
			else
			{
				flash.message = "Login failed"
				redirect(controller:'client',action: 'login')
			}
		}
	}
	
	/*
	 * This action handles unlocking a farmer 
	 */
	def unlockFarmer =
	{
		Farmer toUnlock = Farmer.findWhere(login: params.login)
		if(toUnlock)
			toUnlock.loginAttempts = 0
		redirect(action: 'unlockFarmerPage')
	}
	
	/*
	 * This action actually adds a farmer to the database based on parameters defined in params
	 */
	def createFarmer = {
		def farmer = Farmer.findWhere(login:params.username)
		
		if (farmer){
			flash.message = "Username "+params.username+" is already taken. Select another username."
			redirect(controller:'client',action: 'register')
		
		}else{
			flash.message = "Registration successful. Login with your new username and password"
			farmer = new Farmer()
			farmer.login = params.username
			farmer.password = params.password
			farmer.loginAttempts = 0
			farmer.email = params.email
			farmer.climateZone = params.zone
			farmer.address = params.address
			farmer.name = params.name
			farmer.interests = params.interests
			farmer.save();
			redirect(controller:'client',action: 'login')
		}
	}
}
